Insertion of Sensitive Information Into Sent Data in n8n - #VU137170
Published: July 8, 2026
n8n
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information and impersonate the configured Google service account.
The vulnerability exists due to insertion of sensitive information into sent data in JWT header generation when using Google Service Account credentials. A remote attacker can obtain or inspect a JWT header containing the full PEM private key to disclose sensitive information and impersonate the configured Google service account.
Only instances using Google Service Account credentials are affected.